Computer Security: Principles and Practice - BME
Computer Security: Principles and Practice
Chapter 4 - Access Control
First Edition by William Stallings and Lawrie Brown
Access Control
"The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner"
central element of computer security
access control policy
defines who (e.g., user, user group, process, etc.) can access what (system resources such as files, channels, services, etc.), in which manner (e.g., read, write, execute, etc.), and under what circumstances (e.g., time, location, history, etc.)
access control enforcement
system components that ensure that the system operates in compliance with the access control policy
it should be impossible to circumvent the access control enforcement function
examples: firewalls, OS reference monitor
General Model of Access Control
access control policy
access control enforcement
Types of Access Control Policies
Discretionary access control (DAC) - based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do with the protected resources
Mandatory access control (MAC) - based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources)
Role-based access control (RBAC) - based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
Basic Elements of AC
subject - entity that can access objects
e.g., a user, user group, or a process representing a user
object - access controlled resource
e.g. files, directories, records, programs, etc.
access right - way in which subject accesses an object
e.g. read, write, execute, delete, create, search
Discretionary Access Control
often represented in terms of an access matrix
lists subjects in one dimension (rows)
lists objects in the other dimension (columns)
each entry specifies access rights of the specified subject to that object
the access matrix is often sparse
can be decomposed by either row (credentials) or column (access control lists)
another efficient representation is the authorization table, which contains (subject, object, access right) triplets
can be sorted (indexed) either by subject (→ credentials) or by objects (→ ACLs)
Decomposition of an AC Matrix
A more general DAC model
(Lampson, Graham, Denning)
subjects are allowed to alter the protection state (represented by the AC matrix)
copy flag → transfer of the given access right to another subject (w/o copy flag)
owner → can grant any access right on the given object
control → can delete access rights assigned to the given subject
Allowed commands for S0
transfer a/a* to (S, X)
precondition: (S0, X) contains a*
grant a/a* to (S, X)
precondition: (S0, X) contains "owner"
delete a/a* from (S, X)
precondition: (S0, X) contains "owner" or (S0, S) contains "control"
create object X
S0 becomes owner of X
destroy object X
precondition: (S0, X) contains "owner"
create subject S
S0 becomes "owner" of and has "control" on S
destroy subject S
precondition: (S0, S) contains "owner"
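Added example (not from the slides or the textbook): a small Python sketch of the access matrix with the transfer, grant and delete preconditions listed above. The class and method names and the alice/bob/carol scenario are constructed for illustration, and it assumes that transfer copies a right while the sender keeps its own entry.

```python
class ProtectionState:
    """Hypothetical sketch: A[(subject, object)] -> set of rights; "a*" is a with the copy flag."""

    def __init__(self):
        self.A = {}

    def rights(self, s, x):
        return self.A.get((s, x), set())

    def _apply(self, cmd, ok, s, x, add=(), drop=()):
        if not ok:  # precondition failed: the matrix is left untouched
            raise PermissionError(f"{cmd}: precondition not met")
        cell = self.A.setdefault((s, x), set())
        cell |= set(add)
        cell -= set(drop)

    def create_object(self, s0, x):
        self._apply("create object", True, s0, x, add={"owner"})

    def create_subject(self, s0, s):
        self._apply("create subject", True, s0, s, add={"owner", "control"})

    def transfer(self, s0, a, s, x):  # a is "read" or "read*"; S0 must hold the starred form
        self._apply("transfer", a.rstrip("*") + "*" in self.rights(s0, x), s, x, add={a})

    def grant(self, s0, a, s, x):
        self._apply("grant", "owner" in self.rights(s0, x), s, x, add={a})

    def delete(self, s0, a, s, x):
        ok = "owner" in self.rights(s0, x) or "control" in self.rights(s0, s)
        self._apply("delete", ok, s, x, drop={a})


def demo():
    """Constructed scenario: returns the final state and the outcome of each command."""
    st, out = ProtectionState(), []
    steps = [("create_object", ("alice", "f")),
             ("grant", ("alice", "read*", "bob", "f")),     # owner hands out read with copy flag
             ("transfer", ("bob", "read", "carol", "f")),   # bob passes read on without the flag
             ("transfer", ("carol", "read", "dave", "f")),  # carol holds read, not read*
             ("delete", ("bob", "read", "carol", "f")),     # bob is neither owner nor controller
             ("delete", ("alice", "read", "carol", "f"))]   # owner revokes
    for name, args in steps:
        try:
            getattr(st, name)(*args)
            out.append((name, "ok"))
        except PermissionError:
            out.append((name, "denied"))
    return st, out
```

Calling `demo()` shows that a right passed on without the copy flag cannot be propagated further, and that only the object's owner (or a subject with "control" over the holder) can revoke it.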
Example: UNIX File Access Control
................
................